Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NKt5K--tFBTQo4pHam7uQJ1aYco.roa
File: NKt5K--tFBTQo4pHam7uQJ1aYco.roa (raw, json)
Hash identifier: ZSNJpeZNvAl/j9rr4fyoQeBkFpDZWQ4cFAA1c+9gZAU=
Subject key identifier: 34:AB:79:2B:EF:AD:14:14:D0:A3:8A:47:6A:6E:EE:40:9D:5A:61:CA
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018A4F5859E06FC1AA99C6B5717653D299D3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NKt5K--tFBTQo4pHam7uQJ1aYco.roa
Signing time: Fri 01 Sep 2023 06:05:04 +0000
ROA not before: Fri 01 Sep 2023 06:05:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 22653
IP address blocks: 185.221.66.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
164.40.186.0/23 maxlen: 24
164.40.184.0/24 maxlen: 24
185.225.72.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4f:58:59:e0:6f:c1:aa:99:c6:b5:71:76:53:d2:99:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 1 06:05:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34ab792befad1414d0a38a476a6eee409d5a61ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:48:6f:cd:f3:8b:83:4e:8f:ec:40:13:ed:eb:
0a:c0:1c:ce:49:2f:27:98:0e:e7:0d:4e:9b:d0:2c:
d5:27:22:ae:94:81:f2:59:4e:15:ec:20:54:fa:5c:
8c:20:57:7b:cf:bf:1e:ce:16:02:9c:c3:c5:dd:87:
0c:8b:b7:2d:78:01:35:02:d2:52:9a:78:7a:f3:34:
97:43:cb:35:6a:df:7a:3d:0a:a1:d6:8a:bc:fa:fe:
63:04:69:1a:2f:dc:4d:a8:8a:8b:59:83:98:16:11:
94:3b:cd:28:16:10:3f:80:9f:86:13:89:95:64:11:
6c:02:d9:7d:7c:b2:90:cd:72:85:e5:28:95:72:eb:
89:de:ed:c4:6f:dc:f1:e2:32:4a:67:ef:85:bf:53:
2f:dd:95:a8:a5:41:1f:bb:80:d0:4d:cd:d2:05:61:
92:4a:3b:de:1f:d1:af:b8:f1:31:1a:f3:fe:87:b5:
1e:60:63:89:68:50:2c:ee:a3:5b:0c:68:0a:b3:0f:
11:a2:3f:77:b7:df:ee:55:42:cf:04:af:0e:40:21:
80:8c:f8:75:a5:05:82:a3:98:3b:43:e2:6f:6f:3e:
2e:48:56:01:63:0e:dd:5d:41:00:3a:b2:e2:5c:26:
b1:f3:35:fe:16:dc:48:45:55:95:5f:56:9a:ef:6f:
9b:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:AB:79:2B:EF:AD:14:14:D0:A3:8A:47:6A:6E:EE:40:9D:5A:61:CA
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NKt5K--tFBTQo4pHam7uQJ1aYco.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.128.0/24
164.40.184.0/24
164.40.186.0/23
185.221.66.0/24
185.225.72.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:00:38:b8:fd:45:98:ac:d0:59:55:50:c2:2b:b9:bd:7c:24:
45:e7:14:6a:e5:5e:20:08:a9:9f:12:d9:9d:98:70:59:fd:27:
5c:ee:37:43:e1:75:45:d6:47:6d:41:82:7e:56:e1:b4:aa:7d:
89:ec:95:df:89:50:0b:a2:96:87:eb:42:01:50:af:e6:35:df:
05:ed:c1:b9:3f:e0:17:d0:5f:da:1d:cf:3b:20:4c:86:51:1a:
06:12:cc:5a:32:fc:55:b1:01:76:55:29:50:b3:3d:36:ff:bc:
60:10:c4:e0:02:f9:6d:23:5c:bd:26:84:99:8d:0e:61:d7:e0:
79:2c:8d:8f:db:13:54:f5:80:98:a5:33:d7:ee:fb:2c:19:36:
10:1d:f7:4d:98:09:71:2e:a6:37:17:e8:33:a6:9e:1b:f7:6e:
2e:36:2e:ff:c9:40:9e:c9:e0:11:bd:38:60:db:59:27:27:c3:
cf:5f:03:ac:c6:c1:ed:b0:60:57:0f:d3:28:16:f1:9f:e0:87:
95:72:98:02:47:59:1a:45:4a:9c:8c:2d:98:e4:fd:bb:96:08:
7c:fd:db:a0:ab:53:8d:e0:9d:da:3e:39:bc:b4:a2:00:e3:09:
0b:58:c3:eb:5d:f6:d4:46:ee:87:7c:e8:6d:af:7d:4e:71:11:
9c:13:fb:58
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYpPWFngb8Gqmca1cXZT0pnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTAxMDYwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFiNzkyYmVmYWQxNDE0ZDBhMzhhNDc2YTZlZWU0MDlkNWE2MWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUhvzfOLg06P7EAT7esKwBzOSS8n
mA7nDU6b0CzVJyKulIHyWU4V7CBU+lyMIFd7z78ezhYCnMPF3YcMi7cteAE1AtJS
mnh68zSXQ8s1at96PQqh1oq8+v5jBGkaL9xNqIqLWYOYFhGUO80oFhA/gJ+GE4mV
ZBFsAtl9fLKQzXKF5SiVcuuJ3u3Eb9zx4jJKZ++Fv1Mv3ZWopUEfu4DQTc3SBWGS
SjveH9GvuPExGvP+h7UeYGOJaFAs7qNbDGgKsw8Roj93t9/uVULPBK8OQCGAjPh1
pQWCo5g7Q+Jvbz4uSFYBYw7dXUEAOrLiXCax8zX+FtxIRVWVX1aa72+brwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDSreSvvrRQU0KOKR2pu7kCdWmHKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTkt0NUstLXRGQlRRbzRwSGFtN3VRSjFhWWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVdmAAwQA
pCi4AwQBpCi6AwQAud1CAwQAueFIMA0GCSqGSIb3DQEBCwUAA4IBAQBLADi4/UWY
rNBZVVDCK7m9fCRF5xRq5V4gCKmfEtmdmHBZ/Sdc7jdD4XVF1kdtQYJ+VuG0qn2J
7JXfiVALopaH60IBUK/mNd8F7cG5P+AX0F/aHc87IEyGURoGEsxaMvxVsQF2VSlQ
sz02/7xgEMTgAvltI1y9JoSZjQ5h1+B5LI2P2xNU9YCYpTPX7vssGTYQHfdNmAlx
LqY3F+gzpp4b924uNi7/yUCeyeARvThg21knJ8PPXwOsxsHtsGBXD9MoFvGf4IeV
cpgCR1kaRUqcjC2Y5P27lgh8/dugq1ON4J3aPjm8tKIA4wkLWMPrXfbURu6HfOht
r31OcRGcE/tY
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org